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The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 13 April 2004 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
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4) ^ Claim(s) 1-12 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-12 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 

3.0 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . This action is in response to the amendment, Paper No. 4, filled on April 13, 
2004. No claims have been cancelled or added. Claims 1 , 4, 7 and 10 have been 
amended. Presently pending claims are 1-12. 



2. Applicant's argument filled on April 13, 2004, Paper No. 4 has been fully 
considered but they are not persuasive for the following reasons: 

2.1 Regarding amended independent claim 1 , the applicant argued that the cited 
prior art (CPA) [Russell Patent Number 5,455,953] does not describe a "dynamic 
session tracking system". This argument is not found persuasive. Russell discloses the 
connection mechanism in creating and deleting sessions between clients and servers in 
response to corresponding calls by the clients, wherein such connection mechanisms 
tracks the number of requests by the clients. When a session is established, a Server 
that is involved in the session tracks the number of explicit and implicit calls or requests 
(Column 4 lines 64 - Column 13 line 10). 



Response to Argument 
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The applicant argued that the CPA does not disclose, "Storing at least a portion 
of the Session ID on the user's computer". This argument is not found persuasive. 
Russell discloses storing at least a portion of the Session ID on the user's computer 
(Column 5 lines 35 - 53). Furthermore, Russell describes sessions associated with 
connections between a server and a user, with each user managing and storing the 
session ID information through Connection Data Structures and a set of Session Data 
Structures (Fig. 1 and Column 4 line 61 - Column 5 line 26). 

The applicant argued that the CPA does not disclose, "Storing the object in a 
directory coupled with the authorization server". This argument is not found persuasive. 
Russell discloses a method and an apparatus (system) wherein the user information 
including the user access rights are stored in user profile database (Column 21 lines 64 
- Column 22 line 50). Furthermore, Russell discloses receiving at an authorization 
server coupled with the user profile database log-in information from user (Column 3 
line 64 - Column 4 line 9; Column 23 line 51 - Column 24 line 13). Authorization server 
receives login information, user access information and stores the information (Column 
23 lines 1 -9). 

The applicant argued that the CPA does not disclose "writing information to the 
directory". This argument is not found persuasive. Russell discloses storing (writing) the 
information to the directory (Column 23 Lines 1 - 3). Furthermore, Russell describes 
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writing user access and authorization information to the directory (Column 3 lines 36 - 
57). 

The applicant argued that the CPA does not disclose "Comparing authentication 
credentials to static directory information". This argument is not found persuasive. 
Russell describes comparing authentication credentials when a user log-in to system 
with the authorization server, wherein the Authorization server compares authentication 
credentials in the Directory server (static directory) information (Column 22 lines 2-11). 

The applicant argued that the CPA does not disclose "Permitting other computer 
applications launched by the user to reference the session ID". This argument is not 
found persuasive. Russell discloses permitting other computer applications launched by 
the user to reference the Session ID (Column 24 lines 62 - 67). Russell describes 
sessions associated with connections between a server and a user, with each user 
managing and storing the session ID information through Connection Data Structures 
and a set of Session Data Structures (Fig. 1 and Column 4 line 61 - Column 5 line 26). 
Furthermore, Russell describes permitting other computer applications launched by the 
user to reference the Session ID by generating calls to server through connections and 
maintaining the session identifier (SSID) (Column 12 line 43 - Column 13 line 15). 
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Regarding amended dependent claims 4 and 10, the applicant has amended a 
method for session ID based on machine information rather than account codes. 
Russell discloses the Session ID being based on at least one of the following: 

a date on which the computer user launched the computer application; a time in 
which the computer user launched the computer application; a TCP/IP address of the 
computer user; and a user name of the computer (Column 22 lines 2 - 31 ; Column 23 
lines 51 and Column 1 8 lines 40 - 46). 

Regarding amended dependent claims 2 and 8, the applicant has responded that 
the indicated text (Column 22 lines 2 - 6), discusses user look-up for authentication, not 
storage and maintenance of session information. The indicated text discusses look-up 
for user authentication with stored object in the directory. Furthermore, Russell teaches 
and describes the security information including authentication and authorization 
information (Column 21 line 48 - Column 23 line 29). 

Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that CPA does teach or suggest the subject matter broadly recited 
in independent claims land 7. Dependent claims 2 - 4 and 8 - 10 are also rejected at 
least by virtue of their dependency on independent claims and by other reasons set 
forth in this office action (Paper No. 5). 
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2.2 Regarding Cited Prior Arts (CPA) Russell and Hartman patents, the applicant 
argued that they do not teach or suggest every element and feature of the claims. This 
argument is not found persuasive. Russell teaches and describes a method for 
dynamically tracking a user session in order to authenticate and authorize a computer 
user. The client information including client access rights are stored in the directory 
server which are access by the authentication server to authorize a client to access the 
applications and services. Hartman teaches and describes a method and system for a 
placing a purchase order via a communication network that includes a server system, 
client system, wherein the shopping cart provides a conventional capability to add items 
to a shopping cart. The server system stores both client information and shopping cart 
information. Therefore, it would have been obvious to a person of ordinary skill in the art 
to implement the claimed invention by including a method for creating and storing a 
shopping cart as taught by Hartman, along with the object in the directory to eliminate 
the need to maintain separate access control systems as taught by Russell. 

Regarding dependent claims 5 and 1 1, the applicant argued that the cited prior 
art (CPA) [Russell Patent Number 5,455,953 in view of Hartman Patent Number 
5,960,411] do not disclose "a method to include a shopping cart and storing the 
shopping cart along with the object in the directory". This argument is not found 
persuasive. Hartman discloses a method and system for storing the shopping cart along 
with the client object directory (Fig. 1 A, 2; Column 3 line 37 - Column 4 line 58 and 
Column 5 line 56 - Column 6 line 21). 
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Regarding dependent claims 6 and 12, the applicant argued that the cited prior 
art (CPA) [Russell Patent Number 5,455,953 in view of Hartman Patent Number 
5,960,41 1] do not disclose "the steps of allowing the user to select items and storing 
the selected items in the shopping cart". This argument is not found persuasive. Russell 
teaches and describes a method for dynamically tracking a user session in order to 
authenticate and authorize a computer user. Hartman discloses a method and system 
to include a step of allowing the user select items and storing information relating to the 
selected items in the shopping cart (Fig. 1 A #103; Column 2 line 51 - Column 3 line 7 
and Column 3 line 59 - Column 4 lines 24). 

Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that CPA does teach or suggest the subject matter broadly recited 
in independent claims land 7. Dependent claims 5-6 and 1 1 - 12 are also rejected at 
least by virtue of their dependency on independent claims and by other reasons set 
forth in this office action (Paper No. 5). 

Accordingly, rejections for claims 1 - 12 are respectfully maintained. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

3. Claims 1 - 4 and 7 - 10 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Russell (U.S. Patent NO. 5,455,953). 

As per Claims 1 and 7, Russell teaches a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Column 4 lines 64 - 
Column 13 line 10), the method comprising the steps of: 

Storing security information for users in a user profile database; Receiving at an 
authorization server coupled with the user profile database log-in information from user 
(Col. 21 Lines 64 -67). 

Creating a Session ID on user's computer; storing the Session ID on the user's 
computer (Col. 5 Lines 35 - 40 and Lines 44 - 53). 

Creating an object associated with the computer user or the Session ID (Col. 8 
Lines 8 -16). 

Stores the object in a directory coupled with the authorization server (Col. 23 Lines 

1-3). 
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Copying the security information from the user profile database to the object in the 
directory (Col. 22 Lines 47 - 50). 

Comparing the log-in information to the security information to authenticate or 
authorize the user (Col. 22 Lines 5 - 6). 

Permitting other computer applications launched by the user to reference the 
Session ID (Col. 24 Lines 62 - 67). 

As per Claims 2 and 8, Russell teaches a method for Security information including 
authentication and authorization (Column 21 line 48 - Column 23 line 29). 

As per Claims 3 and 9, Russell teaches a method for the authentication and 
authorization information includes user-id, passwords (Fig. 7 Log-in Name, 220; 
Password, 236; Authenticator, 222; Authorization Server 21 6). 

As per Claims 4 and 10, Russell teaches a method for 
Session ID based on one of the following: 

a date on which the computer user launched the computer application; a time in 
which the computer user launched the computer application; a TCP/IP address of the 
computer user; and an user name of the computer user (Col. 10 Lines 66 - 67; Column 22 
lines 2 - 31 ; Column 23 lines 51 and Column 18 lines 40 - 46). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the 

basis for ail obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

4. Claims 5 - 6 and 11 - 12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Russell (U S Patent No. 5,455,953) in view of Hartman al. (U S 
Patent No. 5,960,411). 

As per Claims 5 and 1 1 , even though Russell teaches 
limitations of Claim 1 and Claim 7, Russell does not disclose a method wherein the 
steps include creating a shopping cart and storing the shopping cart along with the 
object in the directory. However, Hartman discloses a method to include a shopping cart 
(Fig. 1 A) and storing the shopping cart along with the object in the directory (Col. 3 
Lines 37 - 40). Therefore, it would have been obvious to a person of ordinary skill in the 
art to implement the claimed invention by including a method for creating and storing a 
shopping cart along with the object in the directory to eliminate the need to maintain 
separate access control systems for each applications as taught by Russell. Such 
modifications would have been obvious because by combining the teachings of Russell 
with Hartman, the directory server has no need to contact multiple applications servers' 
thereby saving time in checking the user access rights. 
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As per Claims 6 and 12, Hartman discloses a method to include the steps of 
allowing the user to select items (Fig. 1 A #102) and storing information relating to the 
selected items in the shopping cart (Col. 3 Lines 59 - 64 and Col. 4 Lines 19 - 24). 

Conclusion 

5. Rejections for Claims 1 - 12 are maintained. 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks, Washington, D.C. 20231 or 
faxed to: (703) 872-9306 for all formal communications. 
Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal 
Drive, Arlington, VA, Fourth Floor (Receptionist). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 703- 
305-8912. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 

Pramila Parthasarathy 
Patent Examiner 
703-305-8912 
June 25, 2004. 




